Snap-confine elevated permissions error after using USG

Hi everyone,

I have searched through similar posts here, but so far none of them worked.

After installing Ubuntu 22.04, activating Pro, and running USG with this command:

sudo usg fix cis_level1_workstation

I can no longer run any snap-related apps, because they all fail with this error:

snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
Please make sure that snapd.apparmor service is enabled and started.

apparmor is active (exited), while snapd is active (running). I have tried the fixes (like restarting the services) in this StackOverflow page (and on a few others as well).

I’ve seen that peope usually ask for the result of “snap version”, so this is it:

snap       2.63+22.04
snapd      2.63+22.04
series     16
ubuntu     22.04
kernel     6.5.0-41-generic

I have also tried updating the kernel, but this seems to be the most up-to-date version (linux-image-6.5.0-41-generic).

I would like to also tag @zyga-snapd and @jdstrand as it seems like they have been helping out in similar cases. Please forgive me if tagging is ‘too much’.

Please let me know what other information shall I provide, and thank you for any help in advance!

Edit: the output for ‘sudo aa-status | grep snap-confine’ is this:

/snap/snapd/20671/usr/lib/snapd/snap-confine
/snap/snapd/20671/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/21759/usr/lib/snapd/snap-confine
/snap/snapd/21759/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper

I think after jdstrand moved on to other endeavours, you rather want @alexmurray … And I think zyga actually uses @zyga now in this forum (perhaps it is time to delete the old account?)

1 Like